Solved

Exchange 2010 errors communicating with Domain Controllers

Posted on 2013-06-11
6
388 Views
Last Modified: 2013-08-11
I have three Hyper-V Servers all on one physical machine,
1. Domain Controller 1 running WIndows 2012
2. Domain Controller 2 Running Windows 2012
3. Exchange 2010 running Windows 2008 R2

after a few months running just fine, suddenly the Exchange server is complaining it cannot find the DC's.

I get the Application Error logs saying Event ID 2604 MSExchangeADAccess
Eventi ID 2103, 2114, and 2102.

I already looked at the Default Domain Security settings where you make sure it is the Local Domain Controllers policy and not just the Local Domain policy.

Then I reboot and it seems fine...for awhile. Any ideas?
0
Comment
Question by:garyoh
  • 4
  • 2
6 Comments
 
LVL 13

Expert Comment

by:Jaihunt
ID: 39236969
Hi

Did you check any DNS issues in the DC's. Check Network issues also. What is the primary and secondary DNS settings for the DC's.

Thanks
  Jai
0
 

Author Comment

by:garyoh
ID: 39238372
For the dc's, I have each one pointing to itself first and to the other second.
I did have a strange thing when I pinged the dc's from the exchange box by name: it pinged the IP v6 address and all boxes now have IP v6 disabled in the net adapter properties. Should I have IP  v6 on? I also see IP v6 entries in the DNS tables on both dc's. also when I run dcdiag, I do get some errors about replication. Should I have IP v6 all on or all off? And, if all off, should I manually delete all IP v6 entries in the DNS tables? Just curious.
0
 
LVL 13

Expert Comment

by:Jaihunt
ID: 39238397
Disable the IPv6 and remove the entries also make sure you are able to resolve the dc from exchange. what replication errors you get from DC
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:garyoh
ID: 39238597
I did mention these are all Hyper-V instances on a single physical server, right? I don't know if that matters or not. I would not think so.

When I tried to ping the dc's from the exchange server, I get this:
Pinging DC2012-1.mydomain.local from [ipv6 address] with 32 bytes of data:
General failure.
General failure.
General failure.
General failure.
ping statistics for [ipv6 address]:
sent=4, received = 0

when I run "dcdiag /s:DC2012-1", I get errors here:
"NCSecDesc
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have Replicating Directory Changes in Filtered Set access rights for the naming context:
...all the DC stuff here"

That's it.

I did go into the DNS servers and remove the ip v6 entries from there except for two which are these:
in forward Look zones --> mydomain.local --> there is a "(same as parent folder) IPv6 (AAAA) [IPv6 Address] and a date"
Should those get deleted as well?

Thanks for your help
0
 

Accepted Solution

by:
garyoh earned 0 total points
ID: 39386549
We called Microsoft Tech Support and got them involved. The solution was completed by a Tech there with one of my techs. Unfortunately, I have no input on the final solution. Sorry.
0
 

Author Closing Comment

by:garyoh
ID: 39399511
No solution was provided except by MS.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
Read this checklist to learn more about the 15 things you should never include in an email signature.
This tutorial will walk an individual through the process of installing of Data Protection Manager on a server running Windows Server 2012 R2, including the prerequisites. Microsoft .Net 3.5 is required. To install this feature, go to Server Manager…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question